Researcher View

Research Concepts

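This view is intended to facilitate research into weaknesses, including their inter-dependencies, and can be used to systematically identify theoretical gaps within CWE. It classifies weaknesses in a way that largely ignores how they can be detected, where they appear in code, and when they are introduced in the software development life cycle. Instead, it is mainly organized according to abstractions of software behaviors.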

Development Concepts

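This view organizes weaknesses around concepts that are frequently used or encountered in software development. Accordingly, this view can align closely with the perspectives of developers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping.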

Architectural Concepts

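This view organizes weaknesses according to common architectural security tactics. It is intended to help architects identify potential mistakes that can be made when designing software.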
CWE-1151: SEI CERT Oracle Secure Coding Standard for Java - Guidelines 17. Java Native Interface (JNI)
CWE-1171: SEI CERT C Coding Standard - Guidelines 50. POSIX (POS)
CWE-1179: SEI CERT Perl Coding Standard - Guidelines 01. Input Validation and Data Sanitization (IDS)
CWE-171: Cleansing, Canonicalization, and Comparison Errors
CWE-19: Data Processing Errors
CWE-320: Key Management Errors
CWE-371: State Issues
CWE-438: Behavioral Problems
CWE-452: Initialization and Cleanup Errors
CWE-569: Expression Issues
CWE-719: OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage
CWE-722: OWASP Top Ten 2004 Category A1 - Unvalidated Input
CWE-725: OWASP Top Ten 2004 Category A4 - Cross-Site Scripting (XSS) Flaws
CWE-740: CERT C Secure Coding Standard (2008) Chapter 7 - Arrays (ARR)
CWE-743: CERT C Secure Coding Standard (2008) Chapter 10 - Input Output (FIO)
CWE-802: 2010 Top 25 - Risky Resource Management
CWE-810: OWASP Top Ten 2010 Category A1 - Injection
CWE-813: OWASP Top Ten 2010 Category A4 - Insecure Direct Object References
CWE-846: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 3 - Declarations and Initialization (DCL)
CWE-849: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 6 - Object Orientation (OBJ)
CWE-854: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 11 - Thread APIs (THI)
CWE-859: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 16 - Platform Security (SEC)
CWE-864: 2011 Top 25 - Insecure Interaction Between Components
CWE-867: 2011 Top 25 - Weaknesses On the Cusp
CWE-869: CERT C++ Secure Coding Section 01 - Preprocessor (PRE)
CWE-872: CERT C++ Secure Coding Section 04 - Integers (INT)
CWE-875: CERT C++ Secure Coding Section 07 - Characters and Strings (STR)
CWE-878: CERT C++ Secure Coding Section 10 - Environment (ENV)
CWE-881: CERT C++ Secure Coding Section 13 - Object Oriented Programming (OOP)
CWE-885: SFP Primary Cluster: Risky Values
[1189 entries in total]